-
openssh (1:8.2p1-4ubuntu0.11) focal-security; urgency=medium
* SECURITY UPDATE: Supplemental groups not initialized
- debian/patches/CVE-2021-41617-1.patch: add initgroups()
before setresgid() in auth.c.
- debian/patches/CVE-2021-41617-2.patch: add grp.h in auth.c.
- CVE-2021-41617
* SECURITY UPDATE: command injection via shell metacharacters
- debian/patches/CVE-2023-51385.patch: ban user/hostnames with most
shell metacharacters in ssh.c.
- CVE-2023-51385
-- Marc Deslauriers <email address hidden> Tue, 02 Jan 2024 12:13:02 -0500
-
openssh (1:8.2p1-4ubuntu0.10) focal-security; urgency=medium
* SECURITY UPDATE: Prefix truncation attack on BPP
- debian/patches/CVE-2023-48795.patch: implement "strict key exchange"
in PROTOCOL, kex.c, kex.h, packet.c, sshconnect2.c, sshd.c.
- CVE-2023-48795
-- Marc Deslauriers <email address hidden> Mon, 18 Dec 2023 11:35:39 -0500
-
openssh (1:8.2p1-4ubuntu0.9) focal-security; urgency=medium
* SECURITY UPDATE: information leak in algorithm negotiation (LP: #2030275)
- debian/patches/CVE-2020-14145-mitigation.patch: tweak the client
hostkey preference ordering algorithm in sshconnect2.c.
- Note: This update does not solve CVE-2020-14145, but does mitigate
the issue in the specific scenario where the user has a key that
matches the best-preference default algorithm.
-- Marc Deslauriers <email address hidden> Fri, 04 Aug 2023 18:02:08 -0400
-
openssh (1:8.2p1-4ubuntu0.8) focal-security; urgency=medium
* SECURITY UPDATE: remote code execution relating to PKCS#11 providers
- debian/patches/CVE-2023-38408-1.patch: terminate process if requested
to load a PKCS#11 provider that isn't a PKCS#11 provider in
ssh-pkcs11.c.
- debian/patches/CVE-2023-38408-3.patch: ensure FIDO/PKCS11 libraries
contain expected symbols in misc.c, misc.h, ssh-pkcs11.c, ssh-sk.c.
- CVE-2023-38408
-- Marc Deslauriers <email address hidden> Wed, 19 Jul 2023 15:56:59 -0400
-
openssh (1:8.2p1-4ubuntu0.7) focal; urgency=medium
* d/p/lp2012298-upstream-fix-match-in-d-config.patch: Allow ssh_config.d/
configuration files to correctly update the PasswordAuthentication setting
(LP: #2012298)
-- Lena Voytek <email address hidden> Mon, 03 Apr 2023 15:47:13 -0700
-
openssh (1:8.2p1-4ubuntu0.6) focal; urgency=medium
* d/p/fix-outdated-info-ssh-conf.patch: Fix outdated information
(LP: #1871465)
-- Michal Maloszewski <email address hidden> Tue, 26 Jul 2022 21:51:55 +0200
-
openssh (1:8.2p1-4ubuntu0.5) focal; urgency=medium
* d/p/fix-connect-timeout-overflow.patch: prevent ConnectTimeout overflow.
(LP: #1903516)
[ Sergio Durigan Junior ]
* d/p/lp1966591-upstream-preserve-group-world-read-permission-on-kno.patch:
Preserve group/world read permissions on known_hosts. (LP: #1966591)
-- Athos Ribeiro <email address hidden> Wed, 30 Mar 2022 10:03:15 -0300
-
openssh (1:8.2p1-4ubuntu0.4) focal; urgency=medium
* d/p/match-host-certs-w-public-keys.patch: Add patch
to match host certificates agianst host public keys.
(LP: #1952421)
-- ChloƩ S <email address hidden> Thu, 02 Dec 2021 22:38:52 +0000
-
openssh (1:8.2p1-4ubuntu0.3) focal; urgency=medium
* d/systemd/ssh@.service: preserve the systemd managed runtime directory to
ensure parallel processes will not disrupt one another when halting
(LP: #1905285)
-- Athos Ribeiro <email address hidden> Fri, 23 Jul 2021 09:55:12 -0300
-
openssh (1:8.2p1-4ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: double-free memory corruption in ssh-agent
- debian/patches/CVE-2021-28041.patch: set ext_name to NULL after
freeing it so it doesn't get freed again later on in ssh-agent.c.
- CVE-2021-28041
-- Marc Deslauriers <email address hidden> Tue, 09 Mar 2021 09:17:50 -0500
-
openssh (1:8.2p1-4ubuntu0.1) focal; urgency=medium
* d/p/lp-1876320-*: avoid applying defaults for every include statement
(LP: #1876320)
-- Christian Ehrhardt <email address hidden> Fri, 29 May 2020 09:37:09 +0200
-
openssh (1:8.2p1-4) unstable; urgency=medium
* Add /etc/ssh/ssh_config.d/ to openssh-client.
* Add /etc/ssh/sshd_config.d/ to openssh-server (closes: #952427).
* Install ssh-sk-helper even on non-Linux architectures, though it will
need an external middleware library in those cases.
-- Colin Watson <email address hidden> Wed, 26 Feb 2020 10:55:07 +0000
-
openssh (1:8.2p1-3) unstable; urgency=medium
* Reupload with -sa to work around confusion with 1:8.2p1-1 being in NEW.
-- Colin Watson <email address hidden> Sun, 23 Feb 2020 13:30:01 +0000
-
openssh (1:8.2p1-1) unstable; urgency=medium
* New upstream release (https://www.openssh.com/txt/release-8.2, closes:
#951582):
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures
(i.e. the client and server CASignatureAlgorithms option) and will use
the rsa-sha2-512 signature algorithm by default when the ssh-keygen(1)
CA signs new certificates.
- ssh(1), sshd(8): Remove diffie-hellman-group14-sha1 from the default
key exchange proposal for both the client and server.
- ssh-keygen(1): The command-line options related to the generation and
screening of safe prime numbers used by the
diffie-hellman-group-exchange-* key exchange algorithms have changed.
Most options have been folded under the -O flag.
- sshd(8): The sshd listener process title visible to ps(1) has changed
to include information about the number of connections that are
currently attempting authentication and the limits configured by
MaxStartups.
- Add support for FIDO/U2F hardware authenticators.
- ssh-keygen(1): Add a "no-touch-required" option when generating
FIDO-hosted keys, that disables their default behaviour of requiring a
physical touch/tap on the token during authentication. Note: not all
tokens support disabling the touch requirement.
- sshd(8): Add a sshd_config PubkeyAuthOptions directive that collects
miscellaneous public key authentication-related options for sshd(8).
At present it supports only a single option "no-touch-required". This
causes sshd to skip its default check for FIDO/U2F keys that the
signature was authorised by a touch or press event on the token
hardware.
- ssh(1), sshd(8), ssh-keygen(1): Add a "no-touch-required" option for
authorized_keys and a similar extension for certificates. This option
disables the default requirement that FIDO key signatures attest that
the user touched their key to authorize them, mirroring the similar
PubkeyAuthOptions sshd_config option.
- ssh-keygen(1): Add support for the writing the FIDO attestation
information that is returned when new keys are generated via the "-O
write-attestation=/path" option. FIDO attestation certificates may be
used to verify that a FIDO key is hosted in trusted hardware. OpenSSH
does not currently make use of this information, beyond optionally
writing it to disk.
- Add support for FIDO2 resident keys.
- sshd(8): Add an Include sshd_config keyword that allows including
additional configuration files via glob(3) patterns (closes: #631189).
- ssh(1)/sshd(8): Make the LE (low effort) DSCP code point available via
the IPQoS directive.
- ssh(1): When AddKeysToAgent=yes is set and the key contains no
comment, add the key to the agent with the key's path as the comment.
- ssh-keygen(1), ssh-agent(1): Expose PKCS#11 key labels and X.509
subjects as key comments, rather than simply listing the PKCS#11
provider library path.
- ssh-keygen(1): Allow PEM export of DSA and ECDSA keys.
- sshd(8): When clients get denied by MaxStartups, send a notification
prior to the SSH2 protocol banner according to RFC4253 section 4.2
(closes: #275458).
- ssh(1), ssh-agent(1): When invoking the $SSH_ASKPASS prompt program,
pass a hint to the program to describe the type of desired prompt.
The possible values are "confirm" (indicating that a yes/no
confirmation dialog with no text entry should be shown), "none" (to
indicate an informational message only), or blank for the original
ssh-askpass behaviour of requesting a password/phrase.
- ssh(1): Allow forwarding a different agent socket to the path
specified by $SSH_AUTH_SOCK, by extending the existing ForwardAgent
option to accepting an explicit path or the name of an environment
variable in addition to yes/no.
- ssh-keygen(1): Add a new signature operations "find-principals" to
look up the principal associated with a signature from an
allowed-signers file.
- sshd(8): Expose the number of currently-authenticating connections
along with the MaxStartups limit in the process title visible to "ps".
- sshd(8): Make ClientAliveCountMax=0 have sensible semantics: it will
now disable connection killing entirely rather than the current
behaviour of instantly killing the connection after the first liveness
test regardless of success.
- sshd(8): Clarify order of AllowUsers / DenyUsers vs AllowGroups /
DenyGroups in the sshd(8) manual page.
- sshd(8): Better describe HashKnownHosts in the manual page.
- sshd(8): Clarify that that permitopen=/PermitOpen do no name or
address translation in the manual page.
- sshd(8): Allow the UpdateHostKeys feature to function when multiple
known_hosts files are in use. When updating host keys, ssh will now
search subsequent known_hosts files, but will add updated host keys to
the first specified file only.
- All: Replace all calls to signal(2) with a wrapper around
sigaction(2). This wrapper blocks all other signals during the
handler preventing races between handlers, and sets SA_RESTART which
should reduce the potential for short read/write operations.
- sftp(1): Fix a race condition in the SIGCHILD handler that could turn
in to a kill(-1).
- sshd(8): Fix a case where valid (but extremely large) SSH channel IDs
were being incorrectly rejected.
- ssh(1): When checking host key fingerprints as answers to new hostkey
prompts, ignore whitespace surrounding the fingerprint itself.
- All: Wait for file descriptors to be readable or writeable during
non-blocking connect, not just readable. Prevents a timeout when the
server doesn't immediately send a banner (e.g. multiplexers like
sslh).
- sshd_config(5): Document the <email address hidden>
key exchange algorithm.
* Add more historical md5sums of /etc/ssh/sshd_config between 1:7.4p1-1
and 1:7.8p1-1 inclusive (closes: #951220).
* ssh(1): Explain that -Y is equivalent to -X in the default configuration
(closes: #951640).
* Include /etc/ssh/ssh_config.d/*.conf from /etc/ssh/ssh_config and
/etc/ssh/sshd_config.d/*.conf from /etc/ssh/sshd_config (closes:
#845315).
-- Colin Watson <email address hidden> Fri, 21 Feb 2020 16:36:37 +0000
-
openssh (1:8.1p1-5) unstable; urgency=medium
* Apply upstream patches to allow clock_nanosleep() and variants in the
seccomp sandbox, fixing failures with glibc 2.31.
* Apply upstream patch to deny (non-fatally) ipc in the seccomp sandbox,
fixing failures with OpenSSL 1.1.1d and Linux < 3.19 on some
architectures (closes: #946242).
-- Colin Watson <email address hidden> Sat, 11 Jan 2020 23:55:03 +0000
-
openssh (1:8.1p1-4) unstable; urgency=medium
* Apply upstream patch to stop using 2020 as a future date in regress
tests.
-- Colin Watson <email address hidden> Thu, 09 Jan 2020 11:42:10 +0000
-
openssh (1:8.1p1-3) unstable; urgency=medium
[ Colin Watson ]
* Drop suggestion of rssh, since it's been removed (see
https://bugs.debian.org/923691).
[ Steve Langasek ]
* Don't build openssh-tests on Ubuntu i386 (closes: #948466).
-- Colin Watson <email address hidden> Thu, 09 Jan 2020 00:29:58 +0000
-
openssh (1:8.1p1-2) unstable; urgency=medium
* Drop "Allow flock and ipc syscall for s390 architecture" patch for now;
upstream has security concerns with it and it doesn't currently seem to
be needed.
* Mark openssh-sftp-server, openssh-tests, ssh, and ssh-askpass-gnome as
Multi-Arch: foreign; none of them provide any architecture-dependent
interfaces.
-- Colin Watson <email address hidden> Wed, 11 Dec 2019 23:53:49 +0000
-
openssh (1:8.1p1-1) unstable; urgency=medium
* New upstream release (https://www.openssh.com/txt/release-8.1):
- ssh(1), sshd(8), ssh-agent(1): Add protection for private keys at rest
in RAM against speculation and memory side-channel attacks like
Spectre, Meltdown and Rambleed. This release encrypts private keys
when they are not in use with a symmetric key that is derived from a
relatively large "prekey" consisting of random data (currently 16KB).
- ssh(1): Allow %n to be expanded in ProxyCommand strings.
- ssh(1), sshd(8): Allow prepending a list of algorithms to the default
set by starting the list with the '^' character, e.g.
"HostKeyAlgorithms ^ssh-ed25519".
- ssh-keygen(1): Add an experimental lightweight signature and
verification ability. Signatures may be made using regular ssh keys
held on disk or stored in a ssh-agent and verified against an
authorized_keys-like list of allowed keys. Signatures embed a
namespace that prevents confusion and attacks between different usage
domains (e.g. files vs email).
- ssh-keygen(1): Print key comment when extracting public key from a
private key.
- ssh-keygen(1): Accept the verbose flag when searching for host keys in
known hosts (i.e. "ssh-keygen -vF host") to print the matching host's
random-art signature too.
- All: Support PKCS8 as an optional format for storage of private keys
to disk. The OpenSSH native key format remains the default, but PKCS8
is a superior format to PEM if interoperability with non-OpenSSH
software is required, as it may use a less insecure key derivation
function than PEM's.
- ssh(1): If a PKCS#11 token returns no keys then try to login and
refetch them.
- ssh(1): Produce a useful error message if the user's shell is set
incorrectly during "match exec" processing.
- sftp(1): Allow the maximum uint32 value for the argument passed to -b
which allows better error messages from later validation.
- ssh-keyscan(1): Include SHA2-variant RSA key algorithms in KEX
proposal; allows ssh-keyscan to harvest keys from servers that disable
old SHA1 ssh-rsa.
- sftp(1): Print explicit "not modified" message if a file was requested
for resumed download but was considered already complete.
- sftp(1): Fix a typo and make <esc><right> move right to the closest
end of a word just like <esc><left> moves left to the closest
beginning of a word.
- sshd(8): Cap the number of permitopen/permitlisten directives allowed
to appear on a single authorized_keys line.
- All: Fix a number of memory leaks (one-off or on exit paths).
- ssh(1), sshd(8): Check for convtime() refusing to accept times that
resolve to LONG_MAX.
- ssh(1): Slightly more instructive error message when the user
specifies multiple -J options on the command-line (closes: #929669).
- ssh-agent(1): Process agent requests for RSA certificate private keys
using correct signature algorithm when requested.
- sftp(1): Check for user@host when parsing sftp target. This allows
user@[1.2.3.4] to work without a path.
- sshd(8): Enlarge format buffer size for certificate serial number so
the log message can record any 64-bit integer without truncation.
- sshd(8): For PermitOpen violations add the remote host and port to be
able to more easily ascertain the source of the request. Add the same
logging for PermitListen violations which were not previously logged
at all.
- scp(1), sftp(1): Use the correct POSIX format style for left
justification for the transfer progress meter.
- sshd(8): When examining a configuration using sshd -T, assume any
attribute not provided by -C does not match, which allows it to work
when sshd_config contains a Match directive with or without -C.
- ssh(1), ssh-keygen(1): Downgrade PKCS#11 "provider returned no slots"
warning from log level error to debug. This is common when attempting
to enumerate keys on smartcard readers with no cards plugged in.
- ssh(1), ssh-keygen(1): Do not unconditionally log in to PKCS#11
tokens. Avoids spurious PIN prompts for keys not selected for
authentication in ssh(1) and when listing public keys available in a
token using ssh-keygen(1).
- ssh(1), sshd(8): Fix typo that prevented detection of Linux VRF.
- sshd(8): In the Linux seccomp-bpf sandbox, allow mprotect(2) with
PROT_(READ|WRITE|NONE) only. This syscall is used by some hardened
heap allocators.
- sshd(8): In the Linux seccomp-bpf sandbox, allow the s390-specific
ioctl for ECC hardware support.
* Re-enable hardening on hppa, since the corresponding GCC bug is
apparently fixed.
-- Colin Watson <email address hidden> Thu, 10 Oct 2019 10:23:19 +0100
-
openssh (1:8.0p1-6build1) eoan; urgency=medium
* No-change rebuild to drop runit dependency
-- Steve Langasek <email address hidden> Thu, 12 Sep 2019 18:53:16 +0000